I think I've gotten it to work. I had to create a policy
"permit-apim-to-authenticated.xml" and also, in order to access fedora
remotely, I had to add the IP of the remote machine (my dev machine) to the
deny-apim-if-not-localhost.xml
Vincent Vu Nguyen
From: Nguyen, Vincent (CDC/OD/OADS) (CTR)
Sent: Thursday, June 14, 2012 8:48 AM
To: Support and info exchange list for Fedora users.
(fedora-commons-users@lists.sourceforge.net)
Subject: [fcrepo-user] Permissions issue after upgrading to Fedora 3.4
I've just upgraded our fedora from 3.2 to 3.4 and now I'm getting a permissions
error when trying to access APIM methods. I'm I missing some security setting?
I'm calling APIM as "fedoraPublic", which is a user defined in fedora-users.xml
<user name="fedoraPublic" password="fedoraPublic">
<attribute name="fedoraRole">
<value>public</value>
</attribute>
</user>
Here is the log:
ERROR 2012-06-14 08:41:46.132 [http-8080-7] (FedoraAPIMBindingSOAPHTTPImpl)
Error getting datastreams
org.fcrepo.server.errors.authorization.AuthzDeniedException:
at
org.fcrepo.server.security.PolicyEnforcementPoint.enforce(PolicyEnforcementPoint.java:422)
[fcrepo-server-3.4.2.jar:na]
at
org.fcrepo.server.security.DefaultAuthorization.enforceGetDatastreams(DefaultAuthorization.java:720)
[fcrepo-server-3.4.2.jar:na]
at
org.fcrepo.server.management.DefaultManagement.getDatastreams(DefaultManagement.java:1156)
[fcrepo-server-3.4.2.jar:na]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
[na:1.6.0_26]
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
[na:1.6.0_26]
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
[na:1.6.0_26]
at java.lang.reflect.Method.invoke(Method.java:597) [na:1.6.0_26]
at
org.fcrepo.server.messaging.NotificationInvocationHandler.invoke(NotificationInvocationHandler.java:68)
[fcrepo-server-3.4.2.jar:na]
at $Proxy18.getDatastreams(Unknown Source) [na:na]
at
org.fcrepo.server.management.ManagementModule.getDatastreams(ManagementModule.java:309)
[fcrepo-server-3.4.2.jar:na]
at
org.fcrepo.server.management.FedoraAPIMBindingSOAPHTTPImpl.getDatastreams(FedoraAPIMBindingSOAPHTTPImpl.java:423)
[fcrepo-server-3.4.2.jar:na]
at
org.fcrepo.server.management.FedoraAPIMBindingSOAPHTTPSkeleton.getDatastreams(FedoraAPIMBindingSOAPHTTPSkeleton.java:427)
[fcrepo-common-3.4.2.jar:na]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
[na:1.6.0_26]
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
[na:1.6.0_26]
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
[na:1.6.0_26]
at java.lang.reflect.Method.invoke(Method.java:597) [na:1.6.0_26]
at
org.apache.axis.providers.java.RPCProvider.invokeMethod(RPCProvider.java:397)
[axis-1.3-PATCHED.jar:na]
at
org.apache.axis.providers.java.RPCProvider.processMessage(RPCProvider.java:186)
[axis-1.3-PATCHED.jar:na]
at
org.apache.axis.providers.java.JavaProvider.invoke(JavaProvider.java:323)
[axis-1.3-PATCHED.jar:na]
at
org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
[axis-1.3-PATCHED.jar:na]
at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
[axis-1.3-PATCHED.jar:na]
at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
[axis-1.3-PATCHED.jar:na]
at
org.apache.axis.handlers.soap.SOAPService.invoke(SOAPService.java:453)
[axis-1.3-PATCHED.jar:na]
at org.apache.axis.server.AxisServer.invoke(AxisServer.java:281)
[axis-1.3-PATCHED.jar:na]
at
org.apache.axis.transport.http.AxisServlet.doPost(AxisServlet.java:699)
[axis-1.3-PATCHED.jar:na]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
[servlet-api.jar:na]
at
org.apache.axis.transport.http.AxisServletBase.service(AxisServletBase.java:327)
[axis-1.3-PATCHED.jar:na]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
[servlet-api.jar:na]
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
[catalina.jar:6.0.33]
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
[catalina.jar:6.0.33]
at
org.fcrepo.server.security.servletfilters.FilterSetup.doFilter(FilterSetup.java:235)
[fcrepo-server-3.4.2.jar:na]
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
[catalina.jar:6.0.33]
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
[catalina.jar:6.0.33]
at
org.fcrepo.server.security.servletfilters.FilterSetup.doFilter(FilterSetup.java:235)
[fcrepo-server-3.4.2.jar:na]
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
[catalina.jar:6.0.33]
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
[catalina.jar:6.0.33]
at
org.fcrepo.server.security.servletfilters.FilterSetup.doFilter(FilterSetup.java:235)
[fcrepo-server-3.4.2.jar:na]
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
[catalina.jar:6.0.33]
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
[catalina.jar:6.0.33]
at
org.fcrepo.server.security.servletfilters.FilterSetup.doFilter(FilterSetup.java:235)
[fcrepo-server-3.4.2.jar:na]
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
[catalina.jar:6.0.33]
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
[catalina.jar:6.0.33]
at
org.fcrepo.server.security.servletfilters.FilterSetup.doFilter(FilterSetup.java:235)
[fcrepo-server-3.4.2.jar:na]
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
[catalina.jar:6.0.33]
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
[catalina.jar:6.0.33]
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
[catalina.jar:6.0.33]
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
[catalina.jar:6.0.33]
at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:563)
[catalina.jar:6.0.33]
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
[catalina.jar:6.0.33]
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
[catalina.jar:6.0.33]
at
org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:589)
[catalina.jar:6.0.33]
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
[catalina.jar:6.0.33]
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:291)
[catalina.jar:6.0.33]
at
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:859)
[tomcat-coyote.jar:6.0.33]
at
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:602)
[tomcat-coyote.jar:6.0.33]
at
org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
[tomcat-coyote.jar:6.0.33]
at java.lang.Thread.run(Thread.java:662) [na:1.6.0_26]
Vincent Vu Nguyen
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Fedora-commons-users mailing list
Fedora-commons-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fedora-commons-users
